Hi guys, is anybody successfully doing CVC traffic shaping at the head end for NBN services ?? Having a hard time getting traffic to match the CVC's for outgoing management, it should be working with just the mangle rule on the postrouting chain using the CVC vlan as the interface I would have thought, but I can't get any packets to match the sucker ! I'm wondering if it might have something to do with the bonding setup for LACP and whether I have to enable the firewall for vlans in the bridge firewall settings. Any thoughts ? Regards Paul
Hi Paul, We're not connecting to the NBN but here's a config from a RB2011 that I'm using as an NTU for a L2 network handoff. The customer router is connected to ether2 and the data is bridged onto a tagged VLAN and out ether1 (to the access network). I found that I had to enable use-ip-firewall-for-pppoe=yes for the queue to actually start tracking the traffic (the customer connection is PPPoE). /interface vlan add interface=ether1 l2mtu=1594 name=ether1.Data vlan-id=850 /interface bridge filter add action=mark-packet chain=forward in-bridge=data_bridge new-packet-mark=customer01 out-interface=ether2 add action=mark-packet chain=forward in-bridge=data_bridge in-interface=ether2 new-packet-mark=customer01 /interface bridge port add bridge=data_bridge interface=ether1.Data add bridge=data_bridge interface=ether2 /interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes /queue simple add burst-limit=40M/100M burst-time=5s/5s max-limit=40M/100M name=Internet_e2_100/40 packet-marks=customer01 target=ether2 Regards, Dave On Mon, Aug 18, 2014 at 11:09 AM, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi guys, is anybody successfully doing CVC traffic shaping at the head end for NBN services ??
Having a hard time getting traffic to match the CVC's for outgoing management, it should be working with just the mangle rule on the postrouting chain using the CVC vlan as the interface I would have thought, but I can't get any packets to match the sucker ! I'm wondering if it might have something to do with the bonding setup for LACP and whether I have to enable the firewall for vlans in the bridge firewall settings.
Any thoughts ?
Regards Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
HI Dave, thanks for your reply, so did you create the bridge to get this to work in your scenario or are you doing the PPPOE somewhere else ? Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of David Smith Sent: Monday, 18 August 2014 12:17 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] NBN Traffic Management Hi Paul, We're not connecting to the NBN but here's a config from a RB2011 that I'm using as an NTU for a L2 network handoff. The customer router is connected to ether2 and the data is bridged onto a tagged VLAN and out ether1 (to the access network). I found that I had to enable use-ip-firewall-for-pppoe=yes for the queue to actually start tracking the traffic (the customer connection is PPPoE). /interface vlan add interface=ether1 l2mtu=1594 name=ether1.Data vlan-id=850 /interface bridge filter add action=mark-packet chain=forward in-bridge=data_bridge new-packet-mark=customer01 out-interface=ether2 add action=mark-packet chain=forward in-bridge=data_bridge in-interface=ether2 new-packet-mark=customer01 /interface bridge port add bridge=data_bridge interface=ether1.Data add bridge=data_bridge interface=ether2 /interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes /queue simple add burst-limit=40M/100M burst-time=5s/5s max-limit=40M/100M name=Internet_e2_100/40 packet-marks=customer01 target=ether2 Regards, Dave On Mon, Aug 18, 2014 at 11:09 AM, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi guys, is anybody successfully doing CVC traffic shaping at the head end for NBN services ??
Having a hard time getting traffic to match the CVC's for outgoing management, it should be working with just the mangle rule on the postrouting chain using the CVC vlan as the interface I would have thought, but I can't get any packets to match the sucker ! I'm wondering if it might have something to do with the bonding setup for LACP and whether I have to enable the firewall for vlans in the bridge firewall settings.
Any thoughts ?
Regards Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
I'm hosting the PPPoE server in another site so this config is essentially duplicating the UNI-D port of an NBN (i.e. tagging up the customer L2 data and tunnelling back to the POP). Whilst it is the other 'end' of the connection from the one you are asking about, it does show how to put a simple queue on data that is bridged, rather than routed. On Mon, Aug 18, 2014 at 12:31 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
HI Dave, thanks for your reply, so did you create the bridge to get this to work in your scenario or are you doing the PPPOE somewhere else ?
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of David Smith Sent: Monday, 18 August 2014 12:17 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] NBN Traffic Management
Hi Paul,
We're not connecting to the NBN but here's a config from a RB2011 that I'm using as an NTU for a L2 network handoff. The customer router is connected to ether2 and the data is bridged onto a tagged VLAN and out ether1 (to the access network). I found that I had to enable use-ip-firewall-for-pppoe=yes for the queue to actually start tracking the traffic (the customer connection is PPPoE).
/interface vlan add interface=ether1 l2mtu=1594 name=ether1.Data vlan-id=850 /interface bridge filter add action=mark-packet chain=forward in-bridge=data_bridge new-packet-mark=customer01 out-interface=ether2 add action=mark-packet chain=forward in-bridge=data_bridge in-interface=ether2 new-packet-mark=customer01 /interface bridge port add bridge=data_bridge interface=ether1.Data add bridge=data_bridge interface=ether2 /interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/queue simple add burst-limit=40M/100M burst-time=5s/5s max-limit=40M/100M name=Internet_e2_100/40 packet-marks=customer01 target=ether2
Regards,
Dave
On Mon, Aug 18, 2014 at 11:09 AM, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi guys, is anybody successfully doing CVC traffic shaping at the head end for NBN services ??
Having a hard time getting traffic to match the CVC's for outgoing management, it should be working with just the mangle rule on the postrouting chain using the CVC vlan as the interface I would have thought, but I can't get any packets to match the sucker ! I'm wondering if it might have something to do with the bonding setup for LACP and whether I have to enable the firewall for vlans in the bridge firewall settings.
Any thoughts ?
Regards Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
OK Thanks Dave, yeh so I suppose my question was mainly regarding whether you had to set those settings because you were running the connection through a bridge or whether those settings may have been required without the bridge in place. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of David Smith Sent: Monday, 18 August 2014 1:14 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] NBN Traffic Management I'm hosting the PPPoE server in another site so this config is essentially duplicating the UNI-D port of an NBN (i.e. tagging up the customer L2 data and tunnelling back to the POP). Whilst it is the other 'end' of the connection from the one you are asking about, it does show how to put a simple queue on data that is bridged, rather than routed. On Mon, Aug 18, 2014 at 12:31 PM, Paul Julian <paul@oxygennetworks.com.au> wrote:
HI Dave, thanks for your reply, so did you create the bridge to get this to work in your scenario or are you doing the PPPOE somewhere else ?
Regards Paul
-----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of David Smith Sent: Monday, 18 August 2014 12:17 PM To: MikroTik Australia Public List Subject: Re: [MT-AU Public] NBN Traffic Management
Hi Paul,
We're not connecting to the NBN but here's a config from a RB2011 that I'm using as an NTU for a L2 network handoff. The customer router is connected to ether2 and the data is bridged onto a tagged VLAN and out ether1 (to the access network). I found that I had to enable use-ip-firewall-for-pppoe=yes for the queue to actually start tracking the traffic (the customer connection is PPPoE).
/interface vlan add interface=ether1 l2mtu=1594 name=ether1.Data vlan-id=850 /interface bridge filter add action=mark-packet chain=forward in-bridge=data_bridge new-packet-mark=customer01 out-interface=ether2 add action=mark-packet chain=forward in-bridge=data_bridge in-interface=ether2 new-packet-mark=customer01 /interface bridge port add bridge=data_bridge interface=ether1.Data add bridge=data_bridge interface=ether2 /interface bridge settings set use-ip-firewall=yes use-ip-firewall-for-pppoe=yes use-ip-firewall-for-vlan=yes
/queue simple add burst-limit=40M/100M burst-time=5s/5s max-limit=40M/100M name=Internet_e2_100/40 packet-marks=customer01 target=ether2
Regards,
Dave
On Mon, Aug 18, 2014 at 11:09 AM, Paul Julian <paul@oxygennetworks.com.au> wrote:
Hi guys, is anybody successfully doing CVC traffic shaping at the head end for NBN services ??
Having a hard time getting traffic to match the CVC's for outgoing management, it should be working with just the mangle rule on the postrouting chain using the CVC vlan as the interface I would have thought, but I can't get any packets to match the sucker ! I'm wondering if it might have something to do with the bonding setup for LACP and whether I have to enable the firewall for vlans in the bridge firewall settings.
Any thoughts ?
Regards Paul _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com. au
_______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au
participants (2)
-
David Smith
-
Paul Julian